With the release of WoW Cataclysm, Azeroth will be re-forged and "classic zones will be forever changed by the cataclysm". At first glance, this seems like a nice way to appease some of those old nostalgic feelings.. you know, starting from the beginning again and levelling through familiar territory. But will that actually be the ultimate effect?

Blizzard's launch of Cataclysm could finally end the Classic/Pre-TBC Realm question, or it could be a strategic move to implement it in future expansion packs.

One of my sources tells me that "Classic WoW Realms" has been discussed internally at higher levels and at great length for quite a while now. It might not mean anything at all, but it also might mean that certain executives have a vision or plan for the game that they're not yet ready to reveal.. and may all depend on what happens with Cataclysm.

It will never happen!

You're probably thinking to yourself, "But Blizzard SAID there will never be classic realms!"

There are even a TON of articles discussing Vanilla WoW realms, and they have all said "Blizzard flatly denies that they will ever create a Pre-TBC server", "Blizzard confirms no vanilla ever", etc.

But that's not exactly true. Here's what Vaneras (the source of all those posts) actually said:

Kalgan pretty much said the same thing. I would have been completely satisifed if they had said, "Blizzard will NEVER launch a classic realm. I promise. This will never happen." But, they didn't.

Instead the official statement was "Sorry, but at this moment in time we have no plans.."

There are 3 things wrong with this statement:

"Not at this moment in time" - Logically, that means that they COULD have plans immediately AFTER the post. This is also classic corporate-speak which I wrote about it in an earlier post.

"We have no plans" - Of course they have plans! They been talking about it, thinking about it, the server teams have been planning the migration in their minds in case it ever does happen. Just because you have a plan or blueprint, doesn't mean you're going to build it. The word "intention" would have explained better.

Sorry to sound harsh, but Vaneras is just a CS Forum Representative on the EU Forums. He has no idea what the direction and vision of the Sr. Management team is.

Blizzard's Intention

Blizzard wants to slim things down (ie, reduce talents, remove character traits, massive stat changes, etc) in order to more easily manage the game. "Dumbing down" the game, as some people have put it, makes it much easier to escape the constant balancing act while also increasing general appeal of the game (people can jump in and play more easily). At least, that's the belief.

It could also be a way of closing the chapter on Classic WoW Realms by telling the players, "We're pushing forwards and innovating. You have to keep up with our changes. We're not looking back and neither are you."

Hmmm.. "major character changes", "moving into a new system", "old world is gone forever tough luck". This sounds just like SWG before they had their own cataclysm.

Blizzard's Possible Strategy?

But here's where all of those changes could be a very smart, long-term, and strategic move.

In Cataclysm, the world and it's citizens will be completely changed, forcing them into new world. Once the old world is gone, the need for nostalgia and familiarity will grow much stronger and with more players.

TBC and WOTLK will be remaining the same, but the Pre-TBC (Classic) world will be completely wiped off the map, so to speak.

That need for old world style gameplay has already happened with the hardcore classic players. But with the new and drastic change upcoming, it will influence additional hardcore and even casual players as well. That's a huge number of players that may lose interest in the game in 1-2 years timeframe, all because a requested feature was never implemented (ie, developers not listening to the customer.)

In order to combat a negative change in customers, the next expansion pack would have to be something very new and extraordinary:

Level cap to 100 or higher.

2 or more Hero Classes

Brand new skills and spells.

New classes, not just 1.

New races, not just 1.

2-3 times as many new Raids/Zones, and not reused canvases.

And maybe (well timed*) Classic Realms to lure the hardcore and casual players back in?

If Classic Realms don't get implemented, then they have to innovate (gasp) something for the next expansion pack. But this actually makes sense, and they have nothing to lose by doing it.

Note: There are a lot of arguments against classic realms because of the great deal of problems that they used to experience (server stability, latency, no resilience, class balance, long AVs, long raids, hard to get epic items and mounts, world bosses, attunment chains, etc.) But all of that can be fixed and patched properly while still having the same Pre-TBC experience. Do you think Blizzard would really implement realms EXACTLY as they were? (And with which patch? There were TONS of changes in Pre-TBC.) This argument, however, will take too long to discuss and is off-topic, so I'll skip it for now. Let's just say though, that it can be done and done well. There would also be options when selecting a new realm to join - full classic server (2 variations), TBC realm, WOTLK realm, etc. If you don't mind hardwork to grind for gear, go with the full classic. It's not mandatory, just new realms to choose from.

Cataclysm is a test!

Cataclysm is an attempt to rejuvenate WoW and bring in more people. Since their customer base is decreasing, Cataclysm might also be a test to see what people really want. Blizzard (hopefully) will be watching the trends to make their next decision.

If the customer base decreases because they miss the old world, then classic realms is a definite possibility. For example, if interest in Vanilla-WoW Private Servers significantly increases (approx 8 months to 2 years) after Cataclysm, then that's a sign that they've been looking for. If one market can't provide a much needed service or feature, customers will simply goto another market - ie, private servers (currently in the thousands.)

Here's what the trends are showing right now. There's already a massive increase in the need for classic realms, and users are moving away from Official Servers to Private Servers instead (ie, they're choosing someone else over Blizzard who is actually providing the requested feature.)

ScapeGaming (was a commonly utilized WoW Private Server) had over 420,000 users but are currently involved in a legal case with Blizzard. That's just one private server and it's larger than most 2nd-tier MMO's!So you can say that there's a definite interest and strong user base playing on WoW private servers.

Or am I just wrong, and Blizzard doesn't consider long-term variables like this?

Cataclysm might just be the final nail in the coffin. If so, it could also be a slap in the face: it's like a constant reminder of times gone by, and how you will always be pushed forwards against your will.

Will Cataclysm actually appease the need for nostalgia, or will it cause even more players to evoke nostalgic feelings who to bring back to the "good ol' days"?

If it doesn't appease their needs and they don't plan on launching Classic realms, Cataclysm will just be another expansion pack (probably the 2nd last for WoW), you'll see a lot of preservation webpages popup (ie, images/videos of the old world), a large increase in private servers, and a significant drop in customers. Can the next expansion pack save them though? If so, it needs to be something big.

Don't underestimate the power of nostalgia

So about this "nostalgia" feeling.. can WoW user really be THAT influenced by it, and can it really cause such a mass exodus of players?

Consider this:

It's already happened (albeit in a slightly different form) with the SWG MMORPG.

Marketers use nostalgia to influence what you purchase. It's highly effective.

WoW developers have already put nostalgic pieces in the game already ("Captain Placeholder" is returning in Cataclysm no less).

It's hardwired into all human brains.

It's so significant to our behavior that it was once believed to be a cerebral disease.

Nostalgia can cause emotional pain or joy, which has a huge impact on our decisions (see conditioned response.)

Summary

For the tl;dr readers, here's the condensed version. There are 3 possible outcomes:

If Cataclysm appeases the need for nostalgia, it will be a big win for Blizzard and finally closes the chapter on vanilla WoW. (There are trends that will prove this: internal records, WoW forum posts, Google interest searches, and number of Private Servers / User counts.)

If Cataclysm evokes increased nostalgia (visible trends again), Blizzard may introduce a "huge feature" in the next expansion pack.. classic realms (and perhaps variants to choose from.) A very smart strategy, and a way to reduce development costs on the next expansion. =]

If Cataclysm does increase nostalgia, more users ask for Pre-TBC realms, and trends increase in favor of Vanilla WoW servers (e.g. private servers, posts, requests, etc.) but the feature is never introduced, sales will not be hurt but existing customers will leave. Keep in mind that customer counts and sales have decreased and the existing customers are the ones that they desperately need to hold onto.

So far, it looks like that YouTube video hit ~30,000 views in a just a couple days after posting. =]It's a classic "Blizzard Meeting" parody that's been done in the past, my favorite being the Fangtooth Paladin clip.Other than that, on the side I've been busy collecting information on Blizzard's Next-Gen MMO. I have a few contacts at Blizzard and I've been putting together some pieces (it's not A LOT, but enough to get a good idea of what they have planned). It sounds pretty cool actually, but I'll have more details within the next few weeks I hope.

With the launch of SC2 early next week, I'm really looking forwards to one little thing that many have forgotten: Battle.net in-game ads.

I've been really curious how exactly they're going to pull it off. Of course, it probably won't be implemented right away so as not to spoil the beginner's experience - but you should see something implemented in the upcoming months.

When Rob Pardo first announced Blizzard's new directive (making more money from Battle.net), a lot of people were worried that he meant subscription based fees for SC2 and Diablo 3. However, Blizzard has promised that it is not their intention.

But Blizzard isn't exactly known for keeping their promises.

In World of Warcraft, for example, a lot of the promised content that was never implemented comes to mind. They also said that there would be no micro-transactions for World of Warcraft.

Regarding Diablo 3, Rob Pardo said in the interview: "Here's the way I would put it. We're definitely not looking at turning Diablo into a subscription based game."

That leaves it open to interpretation, in case they change their minds later. It's "corporate-speak", and you'll see that a lot of that same wording from gaming industry representatives:

"We currently do not have any plans for.."

"We're not looking at it right now.."

"Presently, we have no plans to.."

Rockstar Games said the same about Red Dead Redemption for the PC. Guess we'll see..

Now personally, I don't think SC2 or Diablo 3 will be subscription based.. but Battle.Net might be, especially because of their new corporate direction and vision. The "free online versions" of SC2 and Diablo 3 will always be an available option, but BNet could incorporate subscription based fees for premium content and features (e.g. to make things more "convenient" for users like priority queuing or special access to events and competitions.)

With the social networking features being added, it's going to significantly increase ad-targeting potential as well as increase sales (users inviting friends, promoting the game, etc.) It's funny how so many corporations are trying to cash in on each other's markets. Twitter wants to get into advertising, Google wants to be a social platform, Facebook wants to be a search engine, and Blizzard wants it all. (Blizzard's new social features are also being heavily incorporated into their "Next Gen MMO" but I'll talk about that later..)

Starcraft 2 LAN Play - Why was it really removed?

I often wonder if the monetization of BNet was the deciding factor in leaving LAN play out of Starcraft 2.

You see, when users are playing LAN Starcraft 2, there's really no purpose to being online - or should I say, that's a common belief. An internet connection might just get in the way of gameplay, so independent networks are created for small/medium LAN parties (30-50 people on one DSL will plug up the pipe and even be against ISP terms of service). Usually though, LAN parties will have internet access. But Blizzard can't take that chance! If users aren't connected to the internet, then they won't be receiving in-game advertisements.. all of that potential revenue lost.. it's completely unacceptable.

It's easier just to remove LAN play, save some money on development, and blame it on the classic piracy scapegoat.

"We don't currently plan to support LAN play with StarCraft II, as we are building Battle.net to be the ideal destination for multiplayer gaming with StarCraft II and future Blizzard Entertainment games. While this was a difficult decision for us, we felt that moving away from LAN play and directing players to our upgraded Battle.net service was the best option to ensure a quality multiplayer experience with StarCraft II and safeguard against piracy."

Blizzard also said, "We want to make an online experience so good, that you won't want to have a LAN party." (Source)

So the reason for removing LAN play is because it doesn't fit in with the direction of BNet services (interesting.. like ad-targeting perhaps?), it will ENSURE a quality multiplayer experience, and it will safeguard against piracy.

* UPDATE: I've created a visual aid (Fair Use FTW)

But how can you have a "quality multiplayer experience" if you lose internet connectivity, are under heavy latency, Blizzard servers crash, or your ISP has issues? Can you ENSURE 100% uptime of servers and personal internet connections? Bottlenecking the users does not ensure quality.

Regarding piracy, there is no safeguard against piracy. (Unless it's a streaming game where no data is stored locally.) Every single game has been cracked and there has never been any method of "copy protection" that has actually "protected against copying." Copy protection is a myth.. there are "copy protection approaches" but that's it. In fact, removing copy protection measures actually makes it more convenient for the user and improves their gaming experience (case in point: No-CD cracks.)

If Blizzard doesn't implement a much-need feature, then someone ELSE will implement it.

Look at Kali for example, it filled a void because of a missing feature.

And then there's BNetD and PvPGN which are fully available (and open-source) BNet emulators that allow LAN play of Warcraft 2, Warcraft 3, Starcraft, Brood War, Diablo 1 and Diablo 2. There are thousands of BNet emulated servers out there providing the service that everyone wants.

Future versions (and probably alternative software) will support SC2 and Diablo 3. Blizzard knows this, there will be LAN play and they won't be the ones providing it.

History has proven that removing features to prevent piracy will actually increase piracy. Those who forget the past and all that.

(On a side note.. wouldn't it be funny if private BNet servers implemented their own in-game advertisements? WoW gold sellers would be a nice touch.)

* UPDATE:

Two months after that video was released, Bobby Kotick has now decided NOT to implement in-game advertisements into Starcraft 2. I guess they changed their minds after the massive uproar (just like mandatory Real ID).

"There was a time where we thought advertising and sponsorship was a big opportunity, but what we realized is our customers are paying $60 for a game or paying a monthly subscription fee and they don't really want to be barraged with sponsorship or advertising," Kotick explained.

They were fully intending to implement in-game ads, they had a relationship with Massive, Inc. all set, but now the plan has been cancelled, their Terms of Use has been revised again, and that new Battle.net (2.0) advertising page was pulled too. =]

Something very interesting just happened to me. And coincidentally enough, this also fits in with the ongoing Blizzard Series.

Back in 2006, I created a highly unusual and unique Gmail account that was used strictly for one of my WoW accounts (I own many). I didn't want any spam sent to the account, hence the reason for it's length and unique name.

The only place the email account name was ever "shared" was on my WoW Account. That was the entire purpose for the email address actually, for WoW only. The email address is not public, never used, and highly unique.

I should note that it's been 4 years now and I have never received even a single spam message on the Gmail account.

I reactivated the old WoW account (which hasn't been active in 2.5 years mind you).

Although I haven't received any spam messages in 4 years, I suddenly received one from a WoW Spammer approximately 3 hours after activating my WoW Account. I was shocked.

This was all done from a very secure (and virtualized) PC and this is actually the very first WoW Spam message I've ever received on any of my Gmail accounts.

How on earth did they find me?

Is it possible that my email address was leaked by Blizzard (well, someone from Blizzard)? And why did I receive a spam message so quickly? Did I happen to request a password change at just the right time when transactions were being monitored?

One of the primary defenses that Blizzard supporters use (when questioned about internal account theft) is that GM/CS Forum Reps/etc do not ask for passwords, and that they do not have access to passwords and can only reset them.

I always get a chuckle whenever they use this defense.. mostly because their only exposure is to GMs/Support and they have no idea what goes on behind the curtain. GMs may not have access to passwords through their ugly-homegrown-support-interface, but they sure can see your email addresses or ask for them. Targeted WoW Account Phishing sure is a lot easier when you have a database of actual WoW users!

Sure, there are "security measures in place" for GMs/Support Users, but that same policy does not apply to the IT team, administrators, the policy creators, the CEO, and database admins who have raw access to account and billing information.

Are passwords actually encrypted at the database end? Consider this: the more complicated the encryption and security measures, the more time it takes to approve your password/account and login. How quickly can you login on a slow day? Also, email traffic isn't encrypted.. so it would be quite easy for an internal employee to sniff SMTP traffic for email addresses or intercept password reset URLs. Packet sniffing is monitored internally by the way, but there are always ways to avoid detection or atleast capture.

Something to think about.

It's also interesting to note (while I'm on the subject of passwords) is that the reason GMs and Customer Support make a point that they'll "never ask for your account password" is because they already have FULL access to your account without your knowledge or permission. (As if your permission really matters though.)

It's actually quitecommon for a GM to login to your account to test issues, see if mods are interfering with your gameplay, or to fix problems while you're offline.

With all of these posts about Blizzard/WoW, I was feeling a little nostalgic and broke out an old list I had created back in April 2008. It was originally posted to gamefaqs.com (moderator removed it - he "didn't consider it appropriate for the WoW Forum" for some reason) and then I posted it on the Age Of Conan Beta forums too.

Here's the list so far. If you can remember some fond (or not-so-fond) memories of World of Warcraft during the beta and first couple years of retail, please let me know.

Block values were added to shields. Blocking an attack used to avoid ALL damage of an attack.

There were Shields and Bucklers. Pallies/Warriors had shields & Rogues/Shamans had Bucklers.

Rogues had the "Block" ability in their skillset.

There were "Spear weapons" and Druids could use them. Druids could also equip Polearms.

Players earned skill points based on experience points from killing monsters. Skill points could be spent on tradeskills (changed to "Professions" later), weapon skills, purchasing mounts, and to increase attributes!

"Plainsrunning" was the Tauren's only Racial Trait. Here's an excerpt from Blizzard on mounts: "Mounts are expensive and race specific, but players can spend skill points to learn how to ride other mounts. Mounts can be bought or acquired through quests. In order to summon a mount, you must use a specific scroll. Upon dismounting, the mount disappears (though the scroll remains in your inventory). Mounts come in a variety of colors, shapes, and sizes, and provide an armor bonus." Taurens did not have mounts, they "instead have a special racial ability called Plains Running which allows them to run very quickly for a certain amount of time."

Zeppelins and Boats frequently dropped you into the sea (sometimes resulting in death depending how far out you were).

You auto-dismounted on all STV bridges.

Hunters had focus, not Mana. (Note: this is making a comeback in Cataclysm)

Dwarf Mages! Although this was removed at one point, players were able to keep their Dwarf Mages until end of beta. (Will be coming back in Cataclysm, yay!)

Mages had the spell "Sleep". Polymorph replaced it later.

Cross faction mounts (Gnomes on Wolves).

Frost Armor and Ice Armor Stacking.

Mages had the Invisibility spell at earlier levels. There was Lesser Invisibility, Invisibility and Greater Invisibility. They could also cast while invisible. (Invis Pyroblasting FTW.)

Undead spoke [Common], not [Gutterspeak].

Shamans had spell "Molten Blast".

The Warlock talent Ruin was called Holocaust. (Guess why it was removed.)

Innerfire gave Attack Power.

Cities had no maps and guards didn't provide directions. Difficult to navigate cities.

Quest rewards were not soulbound. High levels were paying well for [Sticky Glue] from newbies.

Rogues had "Feign Death" ability, and Druids had "Play Dead" while in Cat Form.

Polymorph affected Beasts, Dragonkin, Dragons, Giants, and Critters.

Priest ability: "Brainwash"

Mind Control was amazing. Could use all of the enemy's abilities, and you could buy items/mounts with enemy NPCs.

BoP was called "Bind on Acquire"

Bodies decomposed slowly when you rezzed.

Players could use Ghost Form to travel long distances, and rez at far off locations.

Blizzard said that at level 40, you could specialize in skills to become a Hero Class. The available hero classes would depend on your base class and race. Human Paladin became Death Knight, Dwarven Warrior became Mountain King, Night Elf Hunter became Demon Hunter, Orc Shaman became Far Seer, etc. (This was all long before TBC keep in mind. You can still see old WoW posts via archive.org)

Blizzard promised that they would fix player ganking by introducing Dishonor Kills (DK). This was changed to Battlegrounds a few months later and ganking was never fixed.

Blizzard promised Player Housing.

Blizzard promised substantial new content each month. There were supposed to be major content patches every month with "new quests, new items, and new adventures" (Link) as well as new zones/dungeons/etc.

The naming policy was very strict and heavily enforced. You wouldn't be able to get away with the name "Spam", "Teabag" or "Chucknorris". All names had to be unique, and not named after "real life" words or names. Special characters were also not permitted.

Here are some old screenshots promoting the game when it first came out. I'm searching for an old Forum post where a Blizzard representative stated "substantial content updates every month" and showed a list of planned areas, new instances, items, classes, etc. I suspect they quickly stopped doing that once they understood the time and resources required, and just decided to create the expansion packs instead.

Action: Topic Deleted
Reason: Off-Topic Posting
Status: "Upheld - This moderation has been upheld by another moderator. This means that two different moderators have agreed that this message is a TOS violation."

Apparently, 3 moderators (who really knows if it was more than 1 person though) decided that WoW beta nostalgia didn't belong on the WoW Forums. It was also posted on the Official AoC webpage forums though (there was a discussion and comparison to WoW prior to launch), and ended up getting over 5,000 views, 250 views, and I received ~50 private messages thanking me for the post. The moderators there didn't even have an issue with it.

Apparently there weren't too many lists out there that collected this type of information. It always gives me warm fuzzy feelings everytime I look at it though since I was in the closed beta myself. I hope you have fond memories as well reading this. (If I missed anything, let me know.)

While I was looking around for public Blizzard employee information, I came across an old article from wow.com called "Account security mythbusting."

It's a very entertaining read, you should check it out.

The article was written by Michael Sacco (Dec 31st / 2008) where he disproves various "myths" about the company due to his vast experience working for Blizzard Entertainment.

Here were my 2 favorite parts from the article:

MYTH: Blizzard's internal security has been compromised, which is why these notices have gone up.

Blizzard's internal security has never been compromised. If your account is compromised, it is your fault.

Take it from the dude who worked there--it's not Blizzard's fault that your account was compromised.

Myth Status: BUSTED

Wow! That's a very bold statement!

Although... he does mention "hackers" breaking into Blizzard from the outside. That's a different approach then what I was writing about. I don't think he considered internal theft. It's not called "hacking" if the employee simply copies-and-pastes customer details into an email. =]

Like I said though, no security is foolproof and there's no such thing as 100% security. It's simply Data Security 101.

MYTH: Blizzard Authenticators can be hacked, removed, or bypassed by a third party.

Myth Status: BUSTED

Blizzard Authenticators can be removed by social engineering means (he confirms a couple ways). As for stating that it's impossible for Blizzard Authenticators to be hacked or bypassed.. sorry, it did happen.

Encryption can _eventually_ be brute force cracked (so I try to avoid words like "impossible", "never" or "can't"), but after all that there's no point in encryption if there's a keylogger on your PC.

His article has a few other "myths" too, but they're irrelevant to my earlier posts.

I didn't see any internal affairs or IT/Security related positions in his past. (Typically, you're privy to different levels of information based on your pay grade and the circles you operate in.)

Also, from what I was told by Blizzard employees, the internal affairs positions were part of a very small and "elite" team, and you were selected rather than applying for the position. This team was also heavily discouraged from interacting with the other ("regular") employees due to their important responsibilities.

I'd like to keep atleast some evidence that they did at one time exist, especially because so many people said it didn't exist and then proceeded to insinuate that a Tin Foil Hat was needed. :P (Even with all of that other supporting documentation that I provided.)

Funny that Blizzard is suddenly removing all of those posts.. I guess my post must have hit a nerve somewhere? =] I don't think it's really that big of a deal though, I was just trying to make a simple point that no business is 100% secure and fraud incidents can either be internal or external.

Some were taking the post a little extreme, "It's a conspiracy!!!". But I think it's just because they've never heard of it before and don't realize just how common internal fraud is.

So to clarify: Don't worry, it's actually no big deal - this happens EVERYWHERE. You've just never been aware of it. =]

I've worked with several Fortune 500 companies and every single one of them has some form of fraud. Whether it's physical theft of office supplies, theft of credit card numbers, theft of virtual property, account details (for harassment purposes) or theft of company information (corporate espionage), it can happen and does happen. It also depends on the employee's position, moral character, security rights, skills and data that they have access to. (For example, a Billing Representative might have access to credit card information, but not virtual account details.)

"The U.S. Chamber of Commerce estimates that 75 percent of all employees steal at least once, and that half of these steal repeatedly. The Chamber also reports that one of every three business failures is the direct result of employee theft. According to the U.S. Department of Commerce, employee dishonesty costs American business in excess of $50 billion annually. It can happen in your company." Source)

Apparently, I am 'trying to make some kind of conspiracy theory about Blizzard recently having a job listing up for a "fraud manager".'

Faizaniel, by the way, is one of Blizzard's Most Valuable Posters (apparently #1 of all MVPs)! His position is described as someone who consistently answers Blizzard questions with accuracy and credibility. MVP's also promote constructive posting, are polite, they tell the truth, and that they're specifically chosen due to their strong knowledge. Interesting..

Anyhow, here's the official Blizzard posting for the job that doesn't exist. =]

Job DescriptionBlizzard Entertainment has an immediate opening for a fraud manager with a minimum of five years experience in this type of position. Duties will involve investigating credit card accounts in order to detect and stop fraudulent activity while preventing chargebacks and consumer disputes. Additional duties include calling issuing banks and customers for transaction verification, reviewing account referrals for fraudulent activity, and replying to third party inquiries.

The job posting was previously on the Blizzard.com Careers page, however it was quickly removed after my Reddit comment on this post regarding the position and what the job entailed. The posting was available on about 10 different (and highly recognized) job boards, and they were all posted at different times & dates. The "Fraud Manager" position was also posted 'new' on June 16, 2010 - however ALL references to this fraud manager position were removed just after my post. It's definitely eyebrow-raising.. I could understand if they expired automatically, but they were posted at different times and the fact that one job posting was pulled after only 2 weeks is highly suspicious. =]

At the time, I thought it would just be interesting to talk about the jobs available at Blizzard, and what that says about the company and internal operations. If I had known Blizzard was going to delete all references to their fraud-related internal investigations team - I would have taken more screenshots.

(FYI: There have also been postings for internal affairs and fraud specialists over the past year or so, in addition to the recent "Fraud Manager" job.)

Here are some other jobs that Blizzard has hired for in the past by the way:

In the end, the point I'm trying to make is this: Blizzard hires individuals to fill a need in the organization. One of those needs is to prevent, monitor, and investigate fraud within the company.

Prevention involves implementing security measures and software to prevent fraudulent activities, as well as creating effective internal policies (with follow up enforcement and education.) However, monitoring and investigations (this is their job responsibility) are both POST-incident activities. In order to catch someone in the act (monitoring), you need see the incident occurring and action. If the fraud activity is not caught but there is evidence, then it's fully investigated (reports, logs, paper trails, speaking to users involved, etc.)

So, they are hiring Fraud Specialists whose duties are to investigate fraudulent incidents that have basically already taken place. Therefore, this isn't really a "preventative" position, as that would fall under the scope of InfoSec / IT Security / Applications Development.

Note: When there is a billing accident (e.g. Blizzard bills you twice), that's not corporate fraud - that's just a simple mistake. Once you alert a Billing Representative, they can quickly and easily revert the charges for you. Although some people care calling these billing mistakes "fraud", it's far from it.. the Billing Department fixes these, there's no need for a fraud investigation to take place. When actual fraud occurs there are two things that happen: internal fraud or someone external trying to defraud Blizzard. What's important to note, though, is that the "Fraud Manager" description does not mention working with Credit Card companies, but it does mention dealing "directly with law enforcement" and the utilization of "internal fraud tools and system/site admin tools."

One other interesting item is that one of the primary skills required for this job is the "Ability to maintain extreme confidentiality." This makes it very difficult to obtain information on the position, but here's a couple Blizzard employees I found that were previously in the Fraud department:

* the "Fraud Specialists" title is kept out of public eye, instead they are called "Billing Representatives" in official announcements & postings. (See "Reputation Management".)
* there are multi-millions of yearly loss due to internal fraud.
* there's a Global fraud team. (See "Data Breach Notification laws", based by country.)

* moving up quickly within the company, do I see senior management in his future? =]
* his job description was later updated to show "Internal Affairs work." Note, that's "internal affairs" not external investigations.

Additional details on Andrew show that his position is called "Internal Affairs, Account Administrator". Take note that he investigates internal employees for infringement of company policies. (Many people are still in complete denial of this, but it's very common practice in both Blizzard and other corporations - they need internal security teams to monitor their own employees for policy violations like theft of property or information.)

* the "Internal Affairs" position involves documentation and maintenance of records about their internal employees.
* there are external information leaks, which he also investigates.
* there is large scale exploitation and collusion. This is actually pretty serious, and means that there are massive cover ups and conspiracies taking place within the organization (really though, a conspiracy is just 2 or more people working together to some end.)
* also note that large scale exploitation wouldn't mean the occasional player exploited the game.. this is large scale exploitation within the organization (ie, theft of information and exploitation of said information)
* there are internal investigations and reports of external impacts due to internal activities (e.g., fraud, theft & selling, etc.)

* he's on the Internal Affairs team that monitors Customer Support departments who are responsible for support WoW and SC2 customers.
* he works out of the call center in Ireland

Addendum:

- To the Blizzard employees reading this. I'm sorry guys, but as a result of this posting you may see more stringent policies regarding information that you can post publicly. For example, certain job titles can no longer be posted on LinkedIn, etc.

- Even with this overwhelming evidence, it boggles my mind that many people are still convinced that internal security positions within Blizzard do not exist, or they tell others that "internal affairs" means investigating players for hacking, botting, etc. It's normal for businesses to investigate and monitor their own employees, especially if they have access to account or credit card information. Anyone who has worked in a corporate environment knows this. Unfortunately, there's a false belief (complete denial?) that Blizzard employees can do no wrong. Were you aware that most "Blizzard" customer support staff are in fact outsourced to overseas call centers (ClientLogic / Sitel) where they're paid poor wages? Surprisingly, most players are not aware of this.

"To date Blizzard's systems have not been compromised at all. They are absolutely vigilant about their systems 24 hours a day. They have teams in place to monitor this every single second of the day."

Really? Come on.

I have to roll my eyes every time someone makes this comment, and I think it would be insulting to the intelligence of you readers if I were to link to any of the millions of research papers that address this silly misconception. In any field, security is actually a degree of security.. several measures and processes need to be implemented in order to further protect an asset.

Speak to anyone in IT / Security circles, and they'll all tell you the same thing: nothing is foolproof & nothing is perfectly secure. The Martin Fury internal affairs investigation comes to mind. And, the WoW Authenticator was also once described as fool proof.

Since I'm specifically interested in public Blizzard information, though, let's take a look at something that their official representatives have to say on the subject:

Here are the most interesting take-away's from this post:

"To date, Blizzard Entertainment has not been compromised"
"an inside job is not easy to perpetrate"
"in addition to oversight, there are substantial and multi-layered safeguards in place"
When the OP wrote "All I'm expecting is for people to at least open their minds to the possibility...", Malkorix's response was "When logic is applied, I'm afraid that is is your presumptions that are ruled out =/."
"Of course no system is perfect - but that's why there are multiple layers of protection."
"Regardless, while I'm not in a position to determine the precise origin of your compromise"

To summarize what was said:
"An inside job is not easy, but also not impossible."
"Blizzard has not been compromised, but no system is perfect and I wouldn't know if it happened or not anways.. I'm not in a position that allows me to access those details." (Holy contradiction Batman!)

GMs, phone support, and CS Forum Representatives (such as Malkorix) don't operate in the same circles as the finance, IT/Security, and investigative teams. Investigation details are above his pay grade, and private information in regards to breaches or fraudulent activity within the company are kept private and confidential. I guess you could call this "plausible deniability" - no GMs/Forum reps are aware of any fraudulent activity, hence "to date, it's never happened within Blizzard." =]

Finally, here's a another tid-bit of information from Snowfox that explains "foolproof" systems:

You can learn a lot about a company though, by who they employ and the types of skillsets that they're looking to hire.

Now, remember how Blizzard flat out stated that "To date, Blizzard Entertainment has not been compromised"?

Ignoring all of the major security breaches that has taken place within all of Blizzard's games (maphacks, speedhacks, leveling exploits, bots, boss bugs, item exploits, xyz hacks, etc) and the variety of applications that can emulate Battle.net servers, let's look at security of their websites and databases. (If all of their games have been hacked, why should their applications be any different? But for some reason, most users still claim that Blizzard security is foolproof.)

Multiple breaches have occurred, however in each instance Blizzard made no announcements whatsoever. Instead, they were picked up by public new sources and Blizzard quietly swept the issue under the rug.

- On Jan 3 2001 the Diablo 2 Player Database was breached. Hundreds of thousands of accounts were deleted, and Blizzard had to recover 2 week old data from older backup systems because the normal backup database was also hacked.
- On Oct 7 2005 Battle.net was defaced.
- On May 19 2006 Blizzard's European WoW webpage was defaced.
- On Nov 26 2006, Blizzard's Starcraft webpage was hacked.
- In Sep 2007, the Warcraft.net and Battle.net webpages were hacked and defaced by an Algerian hacker.
- This happened again on Nov 16, 2007.
- Sometime before March 7 2008, a Korean user installed key logging software internally on Blizzard's network, allowing him access to server and personal information. Many accounts (possibly thousands) were breached, and the personal information (names, address, passwords, etc.) was used to hack accounts (for stealing items/gold) and sold on the black market.
- On Sep 25 2008, Blizzard employee accounts were hacked and the Battle.net forums were breached (Another). Apparently a few months before this incident, employee accounts were also hacked and keyloggers were posted by "Blizzard employees".

Note that the posts were requested by Blizzard to be removed? (more "Reputation management" as mentioned before.)

I think those instances definitely prove that Blizzard has indeed been compromised. And these are just the ones that made it to public internet sources, who knows how many other breaches there have been or how many others Blizzard has requested to be removed?

Note: On sc2pod, if you keep reading you'll see that there have also been other posts that Blizzard has ordered to be removed. Blizzard apparently has staff that monitors webpages and forums to control perception of the company (even Wikipedia is probably closely monitored by Blizzard).

Argument #2: Blizzard is required by federal and state law to notify of data breaches.

This was a pretty common reply actually and I was a little bit surprised that people believed this. A quick investigation would have revealed the truth. But that's what this series is all about: awareness.

You see, data breach laws vary from state to state and some states don't even have legislation at the moment.

There's also no federal laws that regulate data breach notification. However, there are some that regulate the type of information that can be collected and levels of security recommended (really it's just helpful guidance). Since data breach laws in the US vary from state-to-state (if it has a law at all), each law may be drastically different in regards to what is classified as a breach, fines, reporting, what needs to be notified, who is notified, governing bodies, etc. As you can imagine some state laws are more flexible than others. And that's only if the data is physically located in the US.

Consider the number of corporations that outsource or offshore their operations overseas. Due to their location, they are under no obligation to report any data breaches that may occur. Here are some companies that outsource/offshore by the way: IBM, Microsoft, Oracle, Cisco, HP, Dell, Gateway, AT&T Wireless, Telus, Bell Canada, GE, and wait for it.. Blizzard.

Under current CA State Law, Blizzard would typically only need to notify the single person affected (no mass announcements) and that's only if they confirm without a doubt that the individual's information was indeed breached. HOWEVER, Blizzard is under no obligation or law that requires them to notify anyone.

The most important data breach component is the “trigger mechanism”. In California, the obligation to notify an individual of a security breach is triggered in the likelihood that the breach will result in a “serious harm” or involves a “serious risk”. The threshold of “serious harm” or “serious risk” is an external determination.

It is the internal organization itself, however, that determines what compromises a “serious harm” or “serious risk”. There is no external body that performs this function. Additionally, there is no requirement to report to an overseeing body nor is there sanction for failing to notify individuals of a security breach.

These risk assessments are determined internally, and there is no external body or even the requirement to report to said external body. A WoW Account being stolen would not be classified under "serious harm" or "serious risk" for the individual involved. Hence, Blizzard is exempt from data breach notifications. Even credit card theft would not be a trigger due to the low risk involved to the victim (unlike healthcare information.)

Data breach notification laws were primarily focused on the health care industry, government and educational sectors. There are other private organizations that report breaches, but it all depends on the type of data they keep. If you're interested in data breach announcements, check out Google.com/News -> Search for "data breach".

Now, if something very bad were to happen, then yes - a large announcement would be made. The information would leak eventually so it's in the corporation's best interest as it would look very bad if they tried to hide the fact that some 200,000 accounts were breached. However, 50-200 account breaches per week is negligible and an official announcement is unnecessary and not required by law.

To summarize, under existing law Blizzard is under no obligation to alert the public, or even the individual themselves, in the event of an internal or external account breaches.

I received some really good feedback from the Reddit community from my post there. Here were the strongest arguments available and I'll go through each of them:

There is no increase in hacking of WoW accounts. Here's your tinfoil hat.

Blizzard is required by federal and state law to notify everyone of any such breach. Since there has been no notifications, no breaches have occurred.

Blizzard's systems are foolproof, it's impossible to compromise their database. They have layers and layers of security.

Blizzard does not employ fraud specialists or fraud managers: "I see a blog hosted on a free site with one post that seems to be trying to make some kind of conspiracy theory about Blizzard recently having a job listing up for a "fraud manager".

The point of my first post was simply to convey awareness of the types of jobs/careers at Blizzard (all public information) and the subsequent success and effectiveness of Blizzard's reputation management (ie, "Blizzard indoctrination of users"). Users should not always be blamed for their accounts being hacked - I just want to make it clear that it's not always the user's fault. There are a lot of factors that the general public is not aware of.)

Argument #1: There is no increase in hacking.

I haven't been able to find any official and clear announcements that confirm that there is no increase in hacking incidents. (Not that there ever will be any official statements from Blizzard.)

However, there are a lot of users claiming that Blizzard has confirmed multiple times that there has been no increase. (See "Blizzard indoctrination".)

There are plenty of blue posts that redirect the issue however - e.g. "We take these matters seriously. Please check your own PC. etc. etc." All of the responses are in accordance with their internal company policy (ie, kept as ambiguous as possible so as not to confirm or deny anything.) For example, they're not saying for a fact your computer is infected with keyloggers, but you should check your security anyways. =]

Just like any good business, Blizzard maintains internal records of ongoing investigations and issues. There are internal statistics that would show hacking/fraud trends, but this information will never be released by Blizzard - it's private and confidential. Why would they release this information and hurt their reputation and business?

Fortunately, there are other methods of obtaining data and trends. Consider this, what's the first thing an average user does when their account has been hacked?

They probably call Blizzard, post on their forums, but definitely do a Google search for available solutions.

Blizzard support lines are down due to severe load and WoW Forum posts do indicate an upwards trend (and questioning of this trend) of account hacking over the past few months.

But let's see what the pinnacle of human-behavior-tracking (Google) has to say:

WOW!!

That's some spike in the number WoW accounts being hacked.. and coincidentally, all within the same timeframe as mentioned by users on the forums. Google Trends/Insight can provide a great wealth of information, and in this case, has shown significant growth (an explosion if you will) of compromised accounts within the past few months.

What could possibly account for this quantity of accounts being compromised simultaneously, when there has been increased education and security of user's PCs/accounts and yet no changes in account hacking trends?

To also show that the increase in hacked WoW accounts is not directly related to growth in subscription counts (ie, user base), here's a chart that shows total WoW subscriptions from 2004 to June 2010:

As you can see, WoW hacking incidents have increased while subscription levels have actually decreased or remained steady.

Does this not confirm that there is actually an upwards trend in hacking activities?

Total number of players is decreasing.

Increased education of users (security, scams, etc.)

Increased security measures and new detection tools.

Total number of hacking incidents is increasing.

Additional Notes:

Note the frequency of Blizzard's announcements regarding their customer base. They used to make an announcement quite regularly with each surge, but it's completely stopped for over a year now.

Although the authenticator is not flawless (man-in-middle attacks), I would recommend that everyone get one. An added layer of authentication is highly valuable, and significantly increases the security of your account.

* UPDATE:

I received a comment from Ty (****bluc@yahoo.com) who writes:

"My account was recently hacked for the first time, as well as a friend that had not played in months. When I called Blizz support, they did indicate that it may take some time to restore due to an increase in the volume of hacked accounts, recently."

So, there's another: Blizzard Support also states that there has been an increase in volume of hacked accounts.

* UPDATE:

In the original Reddit post, a user named "nattylife" even claimed that they worked for Blizzard and yet the individual has never heard of any security breaches within Blizzard. Really? There have been many breaches that have occurred in the past. These are just the ones that made it public and some news items Blizzard has issued C&D's for. And yet they've been completely oblivious to all of this? Does that mean that most Customer Support staff have no insight into Blizzard's internal security issues? It seems so, and I have also confirmed this from other sources.

Keep in mind, too, that a LOT of Blizzard's customer support is outsourced to call centers where information of his nature is unavailable.

Some of the feedback I received on Reddit (as you can see yourself) was a little disappointing. Unfortunately, this is a VERY COMMON issue on Reddit, where most users simply read the subject line and the first paragraph, and then say "WRONG!" without ever providing supporting evidence or research.